Releases: kluctl/kluctl
kluctl-v2.23.1
kluctl-v2.23.0
Kluctl v2.23.0 comes with improvements, fixes and breaking changes.
Breaking changes
- targetPath in the clusterSecrets and clusterConfigMap vars sources has been deprecated and will be removed in a future release. Instead, use the new common targetPath field one level up.
- Specifying a target is now mandatory when the .kluctl.yaml defines targets. See #470 for the reasoning behind this breaking change.
New Features and Improvements
Waiting for readiness
waitReadiness has been improved to allow waiting for readiness on objects that get applied outside of the Kluctl deployment process.
Additionally, the new waitReadinessObjects deployment item can now be used to wait for objects that are not part of the current deployment.
This allows waiting for things that are deployed by controllers/operators, for example CRDs.
New vars sources
The new clusterObject vars source can now be used to load arbitrary Kubernetes objects into variables.
The new gitFiles vars source can now be used to load arbitrary branches/tags and files as variables.
Other new features
--kubeconfig can now be passed to most commands to override the kubeconfig.
Bugfixes and improvements
- CRD deployments, performed from your deployment or a controller, are now properly detected and handled. This should make deployments much more reliable and predictable when proper barriers and waitReadiness/waitReadinessObjects are used.
- Warnings are now printed at the bottom of the pretty command result, so that they are not missed when many changes are reported.
- Kluctl now respects the user's cache dirs (e.g. ~/.cache on Linux) and uses those for all cache-related things.
Changelog
For a detailed list of changes, see the release comparison: v2.22.0...v2.23.0
kluctl-v2.22.1
kluctl-v2.22.0
Kluctl v2.22.0 comes with improvements, fixes and breaking changes.
Breaking changes
- credentialsId in helm-chart.yaml is deprecated from now on and will be removed in a future release of Kluctl. See "Authentication to Helm Repositories and OCI Registries" for details.
- The same applies to the --helm-username=<credsId>:<username> (and all other --helm-xxx arguments) form, which is deprecated from now on. Use the new --helm-username=<my-host.org>/<optional-path>=<username> form instead.
- The migration code for the legacy flux-kluctl-controller has been removed. This means you cannot use this release to perform the migration from the legacy controller to the new controller anymore. If you still need to do this, upgrade to v2.21.x first and go through the migration before actually upgrading to v2.22.0.
- spec.source.url, spec.source.path, spec.source.credentials and spec.source.secretRef have been deprecated. See "KluctlDeployment spec changes" for details.
New Features and Improvements
OCI Support
This release introduces support for OCI includes and the sub-command kluctl oci push. General documentation about OCI support can be found here.
Library Projects
Kluctl now supports Library Projects which are meant to be included in other Kluctl deployments. These library projects can define which arguments are mandatory/optional in the same way as you were able to do for regular projects already. Libraries can be included via OCI includes and Git includes.
The first two library projects that you can already use now are the Kluctl Controller and Kluctl Webui deployments.
AWS configuration via .kluctl.yaml
You can now specify AWS configuration in regard to authentication via .kluctl.yaml, either globally or on target level.
This allows you to configure the AWS profile or service account to use whenever AWS gets involved, e.g. in SOPS decryption or when using AWS Secrets Manager vars sources.
A very powerful side-effect of this is that you can re-use IRSA based authentication locally and in the controller.
Comparable support for other cloud providers will follow in future releases (contributions are welcome here).
GCP Secret Manager and Azure Key Vault support
Variable sources now also support GCP Secret Manager and Azure Key Vault.
GitOps sub-commands
Many new sub-commands were implemented to control your GitOps deployments. An example is the kluctl gitops deploy sub-command, which will trigger a deployment on the controller. kluctl gitops diff can be used to run a dry-run deploy on the controller and show the diff locally.
All these commands can override GitOps configuration or even the source code of individual repositories, so that you can try out things without actually pushing, e.g. do a kluctl gitops diff with your local changes without the need to push your changes or risk any unwanted deployments.
Authentication to Helm Repositories and OCI Registries
Helm Repository and OCI Registry authentication have been unified and can now all be specified the same way via command line or environment variables. See OCI Authentication and Helm Private Repositories for details.
For GitOps, use the newly introduced spec.credentials field to specify Helm and OCI credentials.
KluctlDeployment spec changes
There are multiple changes to the KluctlDeployment spec. This release tries its best to add compatibility for the old format, but will not improve the old way of specifying source and credentials in the future. These are the changes made:
- spec.source is now divided into two sources, git and oci. This means, instead of specifying spec.source.url, you'd now specify spec.source.git.url or spec.source.oci.url. The same applies to spec.source.path.
- spec.credentials has been introduced while spec.source.secretRef and spec.source.credentials have been deprecated. This new spec field allows specifying multiple sets of credentials for different sets of hosts/registries/repositories.
- status introduced multiple incompatible changes (field removals) that will make the status of deployments incomplete until the first reconciliation loop finishes. You can usually just ignore this situation.
- The kluctl.io/request-xxx annotations are now expected to be valid JSON adhering to the ManualRequest type. This is considered internal API now and it is recommended to use the new kluctl gitops sub-commands from now on.
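As an added example (not part of the release notes or of Kluctl's own code), the following Python audits an already-parsed KluctlDeployment for the deprecated spec.source fields listed above, for kluctl.io/request-xxx annotations that are not valid JSON, and for the v2.21.0 rule that interval and timeout fields no longer accept never. The sample objects, the function name and the key-suffix heuristic for interval/timeout fields are assumptions; the ManualRequest schema itself is not checked.

```python
import json

# spec.source fields deprecated in v2.22.0 and the replacement named in the notes.
DEPRECATED_SOURCE_FIELDS = {
    "url": "spec.source.git.url or spec.source.oci.url",
    "path": "the path field under spec.source.git or spec.source.oci",
    "credentials": "spec.credentials",
    "secretRef": "spec.credentials",
}
REQUEST_ANNOTATION_PREFIX = "kluctl.io/request-"


def audit_kluctl_deployment(obj):
    """Return sorted (location, message) findings for one parsed KluctlDeployment."""
    findings = []
    spec = obj.get("spec") or {}
    source = spec.get("source") or {}

    for field, replacement in DEPRECATED_SOURCE_FIELDS.items():
        if field in source:
            findings.append((f"spec.source.{field}", f"deprecated, use {replacement}"))

    # Assumption: interval/timeout fields are top-level spec keys with these suffixes.
    for key, value in spec.items():
        if key.lower().endswith(("interval", "timeout")) and value == "never":
            findings.append((f"spec.{key}", "'never' is no longer an allowed value"))

    annotations = (obj.get("metadata") or {}).get("annotations") or {}
    for key, value in annotations.items():
        if not key.startswith(REQUEST_ANNOTATION_PREFIX):
            continue
        try:
            json.loads(value)  # only JSON validity is checked here
        except (TypeError, ValueError):
            findings.append((f"metadata.annotations[{key}]", "value is not valid JSON"))
    return sorted(findings)


# Constructed sample: an old-style object as it would look after YAML parsing.
LEGACY = {
    "kind": "KluctlDeployment",
    "metadata": {
        "name": "example",
        "annotations": {"kluctl.io/request-reconcile": "2023-09-01T10:00:00Z"},
    },
    "spec": {
        "interval": "never",
        "source": {"url": "https://git.example.com/repo.git", "path": "deploy",
                   "secretRef": {"name": "git-creds"}},
    },
}
# Constructed sample: the same object using the split git source.
MIGRATED = {
    "kind": "KluctlDeployment",
    "metadata": {"name": "example"},
    "spec": {
        "interval": "5m",
        "source": {"git": {"url": "https://git.example.com/repo.git", "path": "deploy"}},
    },
}

if __name__ == "__main__":
    for location, message in audit_kluctl_deployment(LEGACY):
        print(f"{location}: {message}")
```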
Helm lookup
Helm lookups are now finally supported. This will fix many issues with Charts that keep re-generating secrets on every deployment.
Other features and improvements
- kluctl controller run now supports --namespace and --controller-namespace
- kluctl delete now supports the --no-wait flag
- Auto-completion can now auto-complete --context and --namespace
- The kluctl.io/is-ready annotation can now be used to mark an object as ready, so that everything that waits for readiness will always consider it as ready
- The spec.suspend field is now shown in the additional printer columns (when using kubectl get kluctldeployments for example)
- Manual deployment requests are now processed even if spec.suspend is true
- You can now set service account annotations via the controller_service_account_annotations arg in the Kluctl Controller Deployment
Changelog
For a detailed list of changes, see the release comparison: v2.21.0...v2.22.0
kluctl-v2.21.2
Kluctl v2.21.2 is a patch release with fixes only.
Changelog
- bd0dac4 chore(deps): Bump github.com/bitnami-labs/sealed-secrets (#792)
- ef058d9 chore(deps): Bump github.com/getsops/sops/v3 from 3.8.0-rc.1 to 3.8.0 (#796)
- 21b2682 chore(deps): Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#782)
- c91a27f chore(deps): Bump github.com/go-playground/validator/v10 (#786)
- 7852167 chore(deps): Bump k8s.io/apimachinery from 0.28.1 to 0.28.2 (#784)
- 35ec0dc chore(deps): Bump k8s.io/client-go from 0.28.1 to 0.28.2 (#785)
- bca5ca8 chore(deps): Bump sigs.k8s.io/controller-runtime from 0.16.1 to 0.16.2 (#783)
- c51e9fe fix: Also take ErrResourceDiscoveryFailed into account in checkLegacyKluctlDeployment
- c6d3fbf fix: Bail out early when cmdResult is nil
- adb17fe fix: Don't shadow result var
- 62358cf fix: Fix crash when no targetCtx is available
- 1fad731 fix: Introduce newXXXResult funcs and let them do all generic initialisation
- 27251fd fix: Print real ref when warning about simulated CRDs while dry-running (#791)
- 6b91d50 fix: Solely use CommandResult as a means to return errors from commands
- e005e68 fix: Use dedicated ctx with timeout actual work and the original ctx for the rest
- 88f6b86 fix: Use name as tie-breaker in calcRemoteObjectsForDiff (#788)
kluctl-v2.21.1
Kluctl v2.21.1 is a patch release with fixes only.
Changelog
- 5dc4311 Merge pull request #771 from kluctl/fix-controller-install
- 72fea67 Merge pull request #779 from kluctl/webui
- c35f6ed chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#773)
- f9cf94c chore(deps): Bump github.com/cyphar/filepath-securejoin (#772)
- 88ad069 chore(deps): Bump github.com/ohler55/ojg from 1.19.2 to 1.19.3 (#777)
- 457ee4d chore(deps): Bump goreleaser/goreleaser-action from 4 to 5 (#778)
- 5806e02 fix: Don't try to get git info when it's not a git repo
- 60d22ad fix: Flush status before outputting results
- e18e1c4 fix: Pass YesArgs to deploy command for "controller install"
- 3b15a6a fix: Reduce initialDelaySeconds and periodSeconds for controller/webui
- a9ed4fb fix: Show for projects without a name
kluctl-v2.21.0
Kluctl v2.21.0 comes with improvements, fixes and breaking changes.
Experimental Webui
This release introduces the new and experimental Kluctl Webui. It allows you to monitor, analyse and control your GitOps deployments.
A short list of the most important features:
- See all KluctlDeployments that are found on the cluster.
- Manually trigger reconciliations, deployments, prunes, ...
- See drift between desired and actual state of the resources deployed by a KluctlDeployment.
- Approve and trigger manual deployments.
- See past deployment results, including their diffs, warnings, errors, ...
- Suspend/Resume KluctlDeployments in case you need to intervene in some form.
- Also see and analyse deployments performed from the CLI
- Can be run locally or installed to a cluster
- Supports static users (admin and viewer) and OIDC integration.
To try it out, follow the installation instructions or run it locally by simply invoking kluctl webui run from your command line.
The Webui is still in an early development state and contributions in regard to features and look+feel are very much appreciated.
Command Results
The previous release already introduced experimental writing of command results into the kluctl-results namespace. This release enables these command results by default.
Command results are binary encoded secrets that contain all important information from a previous command (deploy, prune, ...) run. This information is then used by the Webui to display the important and interesting information (e.g. diffs, warnings, errors) to you.
The format of these secrets is considered internal for now and is not meant to be used by anything other than the Webui. This might change in the future when the internal API gets finalised.
Breaking changes
- The spec.source.secretRef field in the KluctlDeployment got deprecated and will be removed in the next API version bump of the gitops.kluctl.io group. Please use the spec.source.credentials list instead.
- The kluctl docker image uses Chainguard's wolfi base image as base from now on. This means that the image is not Debian based anymore!
- Passing --local-git-override/--local-git-override-group in the example.com:path form is deprecated and will not be supported in future versions of Kluctl. Please use the example.com/path form.
- Interval and timeout fields in the KluctlDeployment do not allow never as value anymore. This was a leftover from the legacy flux-kluctl-controller and was not supported in the new controller.
- Git includes and git variables are now specified in the same format as in spec.source.ref from the KluctlDeployment, meaning that they are not simple strings anymore but instead must specify a sub-key of either tag, branch or commit from now on. The legacy string representation is still possible, but considered deprecated and will be removed in a future Kluctl version.
Features and improvements
- You can now pass --concurrency=X to kluctl controller run to increase/decrease concurrent reconciliation of KluctlDeployments. It defaults to 4.
- All commands now accept --gops-agent to enable the gops support.
- Vars sources can now be marked as sensitive to indicate that the Webui should not reveal the values to non-admin users. Some variable source types (e.g. SOPS encrypted files) are automatically considered sensitive when not specified otherwise.
- The Kluctl Deployments found below the install folder in the Kluctl Git repository now support multiple arguments to override resources and other values from the controller/webui deployments. If you use a git include as described in the installation instructions, you have to pass the args via deployment item variables.
- The kluctl deploy command now supports a --prune flag that causes Kluctl to prune the deployment immediately after the deploy command finishes.
- The controller now supports the kluctl.io/request-validate and the kluctl.io/request-prune annotations on KluctlDeployments. They work the same way as the previously existing kluctl.io/request-reconcile annotation. The main purpose of these annotations is to allow the Webui to trigger commands manually.
- spec.manual can now be used to enable "manual deployments", which are deployments that must be manually approved/triggered. This feature works best when used together with the Webui, as it allows you to approve a deployment after looking at the drift and by pressing the approval button.
- You can now use regex based image names in fixed images.
- Kluctl now has rudimentary support for Git protocol-v2, meaning that Azure DevOps based Git repositories should work as well now.
- kluctl render can now be run without even having a kubeconfig present, but only when the deployment does not require accessing the target cluster (e.g. via clusterSecret vars sources)
- Annotated Git tags are now supported when using Git includes or Git vars sources
Changelog
- 791de20 Added a route for history cards view.
- 64758af Added animations.
- 1c5419f Added card selection when card stack is expanded.
- 4fb00ad Added new history cards view.
- e6f975f Change mouse cursor when hovering over expandable cards. (#648)
- ecdf0c4 Fix tooltips for icons of Command result nodes.
- 02a0977 Fix visual bug on the Targets page in Firefox browser. (#593)
- 776729c Main Page: Added lines from projects to targets.
- 4eed4f3 Main Page: added side panel for command result nodes.
- f17ee24 Main Page: added side panel for target nodes.
- 333507e Main Page: replaced all icons.
- 653cea0 Result Tree page: Added right drawer.
- 7719034 Result tree page: added filters.
- 876f49e Result tree styling.
- 019cee9 Styled Login page.
- 378b76b Updated left drawer styles.
- 5b463de WIP Main Page.
- 6dd8552 WIP Main Page.
- 97975b3 WIP Result tree page.
- 5ce0efa WIP expanding/collapsing nodes.
- 79fc499 WIP history cards.
- bbcbd96 chore(controller): support nodeSelector, tolerations and priorityClassName for install
- 67b5bec chore(deps): Bump actions/checkout from 2 to 3 (#631)
- ce760a0 chore(deps): Bump actions/checkout from 3 to 4 (#760)
- b627f4d chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#555)
- 4b6e2c8 chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#664)
- 36e954f chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#729)
- bc36064 chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#735)
- 50e3081 chore(deps): Bump github.com/aws/aws-sdk-go-v2 from 1.18.1 to 1.19.0 (#666)
- e09d999 chore(deps): Bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.20.1 (#712)
- d5bc92b chore(deps): Bump github.com/aws/aws-sdk-go-v2 from 1.20.2 to 1.21.0 (#740)
- a779e4a chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#567)
- cf1fb30 chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#609)
- 4f1782b chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#663)
- a22fc1b chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#690)
- 8dfc3ac chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#710)
- 4ec8af5 chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#758)
- 82a4e5c chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#770)
- 29cdbfe chore(deps): Bump github.com/aws/aws-sdk-go-v2/credentials (#667)
- 1c7223a chore(deps): Bump github.com/aws/aws-sdk-go-v2/credentials (#711)
- ad8a41c chore(deps): Bump github.com/aws/aws-sdk-go-v2/credentials (#736)
- 8d499be chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#590)
- 4468817 chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#683)
- 05d83a6 chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#687)
- 5e789ce chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#716)
- c95b76a chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#725)
- 8f9dab1 chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/sts (#686)
- 866ec4e chore(deps): Bump github.com/bitnami-labs/sealed-secrets (#619)
- 8327b81 chore(deps): Bump github.com/bitnami-labs/sealed-secrets (#674)
- 01ad4e0 chore(deps): Bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#562)
- 9540a25 chore(deps): Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.1 (#696)
- 5329041 chore(deps): Bump github.com/go-playground/validator/v10 (#551)
- f0aaab3 chore(deps):...
kluctl-v2.20.8
Kluctl v2.20.8 is a patch release with fixes only.
Changelog
- 07bdb45 feat: Allow to override controller/webui resources
- a6a72b7 fix: Explicitly decide if status message is formatted or not (#657)
- 3e7be95 fix: Fix parsing of SCP urls with escaped characters (e.g. spaces)
- b0d49d1 fix: Ignore objects marked for deletion when validating
- d20991c fix: Remove 'never' from allowed values for SafeDuration (#640)
- bf73f59 fix: Treat StatefulSets with replicas=0 as ready
- 4e0e227 fix: Use ParseGitRepoKey in parseRepoOverride
kluctl-v2.20.7
kluctl-v2.20.6
Kluctl v2.20.6 is a patch release with fixes and minor improvements only.
Changelog
- 362f6f3 feat: Allow to pass Kluctl image to deployments
- 4a20483 feat: Remove GitUrl/GitRef from KluctlDeploymentInfo
- 4a64faf fix: Add some tracing when the worktree or index is unclean (#601)
- 9c6941f fix: Allow to run render without a KUBECONFIG being present (#623)
- 5576701 fix: Don't treat deleted objects still as orphan (#582)
- 91b67f2 fix: Fill KluctlDeploymentInfo in CommandResult
- e1bdb87 fix: Fix DEPLOYED printer column (#570)
- d214760 fix: Fix check for request-deploy annotation
- 2ace3a1 fix: Honor kluctl.io/diff-name again
- 5830d06 fix: Introduce workaround for incorrect CRLF handling in git status (#622)
- 15d34b4 fix: Make goreleaser, Dockerfile and Makefile all use the same binary name
- 69f52f9 fix: Properly convert viber bool/int to string args (#548)
- 5201b8c fix: Properly support annotated git tags
- d26dc72 fix: Rename controller_version to kluctl_version and fix snapshot detection (#585)
- 4501f47 fix: Set controller-runtime logger
- 8847c7a fix: Upgrade go-jinja2 to fix symlinks handling in RenderDirectory (#625)